How CoffeeMiner Attack Hacks Public Wi-Fi And Uses Your PC For Mining Cryptocurrency

After a series of ransomware attacks captured headlines over the past year, crypto mining malware and cryptojacking attacks came into play. Just last month, a Starbucks customer found that the infected Wi-Fi hotspot was trying to mine Monero digital coins. It was a new kind of threat associated with using public hotspots, which are often labeled unsafe; users are advised to use VPN services on them for extra privacy.

In a similar development, a security researcher named Arnau has published a proof-of-concept project that showcases how malicious actors can exploit such public Wi-Fi networks and print free money.

Named CoffeeMiner, this attack uses a script to perform an autonomous man-in-the-middle (MITM) attack and inject malicious JavaScript code into HTML pages. The attack has been tested in a real-world scenario, turning smartphones and PCs into cryptomining bots.

To perform the MITM attack, the ARP spoofing technique is used. The researcher used the dsniff library to perform the ARP spoofing attack. Using another tool named mitmproxy, the traffic going to the host is analyzed and JavaScript code is injected. To make the process cleaner, a single line of HTML code is injected; this line calls the miner.
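A defender-side check for the ARP spoofing step described above, added here as an example (it is not code from the researcher's project): it parses an ARP cache in the Linux `/proc/net/arp` layout and flags a MAC address that answers for more than one IP, or a gateway MAC that differs from a previously recorded one. The sample table, addresses and function names are constructed for illustration.

```python
"""Flag ARP-cache entries consistent with ARP spoofing (added example)."""
from collections import defaultdict

# Constructed sample in Linux /proc/net/arp layout; all addresses are made up.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         08:00:27:aa:bb:cc     *        wlan0
192.168.1.23     0x1         0x2         08:00:27:aa:bb:cc     *        wlan0
192.168.1.40     0x1         0x2         3c:22:fb:10:20:30     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for completed entries, skipping the header row."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # Flag bit 0x2 marks a completed entry; incomplete ones carry a zero MAC.
        if int(flags, 16) & 0x2 and mac != "00:00:00:00:00:00":
            entries[ip] = mac
    return entries

def find_spoofing_signs(entries, gateway_ip, known_gateway_mac=None):
    """Return a list of (kind, mac, detail) findings for the given cache."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    # One MAC answering for several IPs is what a poisoned cache looks like
    # (proxy ARP can also cause it, so treat this as a lead, not proof).
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", mac, tuple(sorted(ips))))
    # A gateway MAC that differs from the one recorded on a trusted connection.
    gw_mac = entries.get(gateway_ip)
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gw_mac, known_gateway_mac.lower()))
    return findings

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    # The known gateway MAC is a constructed baseline value.
    for finding in find_spoofing_signs(table, "192.168.1.1", "08:00:27:11:22:33"):
        print(finding)
```

On a real Linux host the same functions can be fed the contents of `/proc/net/arp`, with the gateway MAC baseline taken from a connection you trust.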

As expected, the miner used in the proof of concept is from CoinHive. It's a Monero miner that uses CPU power to calculate hashes with the CryptoNight proof-of-work (PoW) hash algorithm.

The real-world demo of the attack using Kali Linux is shown below. The researcher has shared this attack for academic purposes and to showcase how easily a cybercriminal can exploit your weak security practices.